.pif files

[rosie123]

I'm running a win2k server w/symantec anti-virus corporate edition. My end users have been complaining about the large amount of virus emails they receive on a daily basis and are looking at me to stop these.
The messages they receive are ones saying that the attachment has been quarantined (this message comes from the symantec software). Most of these virus emails have .pif attachments.
I told my end users that they would just have to deal with these emails because it's nearly impossible to eliminate.
Well, they don't like that answer.
So, now i'm here. What are the ramifications of blocking .pif files through the virus software? Would the emails stop completely? Or do I need to filter it out through Exchange? Can this even be done?
My fear is that if I block these files it may quarantine a legit email that we need.
Help!
Rosie

 

[Davetoo]

I would definately stop the PIF extension from getting through.

Are you running Symantecs Mail Security on your Exchange server? If you are, you can configure emails that have PIF attachments to be deleted and the user will never even see them.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.

 

[minxca]

Hi,

you can try this script from the anti spam software:

http://www.vamsoft.com/orf/howto-attfltr.asp

your user still receive the email but replace the attachment with a text (you can configure it by your self)

 

[rosie123]

I don't believe we are running Symantecs Mail Security. I'm not at the server but will check--i'm doubtful though. I read about it on symantecs site and am under the impression it's new and that it is purchased separately from the Anti Virus. correct?

--the user receives the email but the attachment is replaced with a text file---Winoto that's exactly what I'm trying to get rid of. My users don't want these emails.

 

[Davetoo]

Yes, the Mail Security is an additional product, but it's probably something you should have since it adds another level of protection to your network and users.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.

 

[Bleeno]

You can block the attachments via the server...In the ISA Management, SMTP Filter. You can block multiple attachements.

 

[2cornot2c]

Is your Exchange Server behind a Firewall. If so, what type of Firewall are you using.

We use a Watchguard Firebox 1000 and our Exchange server is behind it. The simplest way to stop and protect your users from receiving virus like attachments is to setup your Firewall to remove them prior to them entering your domain.

This has proved extremely beneficial, our Firwall blocks all bat, exe, scr, pif and all other virus like attachments. Due to the increase of ZIP file attachment viruses, we even block .ZIP files. If anyone on our network is expecting a ZIP file, they were instructed to let the sender know that they should add a .dat extension at the end of the ZIP file and it would pass through the Firewall. When the user on our network receives the ZIP file, they simply remove the .dat and open the file. This approach is very secure, you will be stopping the virus attachment prior to it reaching your Servers and your clients. The users will still receive there emails but there will be a text file attached notifying them that an attachment was blocked. The Firewall also has rules setup to block spam.

I guess you could purchase a Symantec product to install on your Exchange Server to remove the virus attachments. But, if you can stop it before it enters your domain then that would be ideal.